IT Security: purchase of fraudulent SSL certificates "state driven."

Comodo, a provider of Secure Sockets Layer (SSL) certificates, which verify the authenticity of a website, says that it has uncovered a fraud in which certificates were purchased in the names of leading companies. The attack, mounted via an authorised reseller's direct access account, has been traced back to several servers, the most used being in Iran. That, the company says, leads it to conclude "that this was likely to be a state-driven attack."




The main server used in the attack has IP address 212.95.136.18 and is located in Tehran, says Comodo. A statement says "One user account in one RA was compromised. The attacker created himself a new userID (with a new username and password) on the compromised user account. The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him. Although they requested 9 certificates we do not know if they received all of these certificates. We know that they definitely received one of the certificates. All certificates were revoked immediately on discovery."

Comodo has issued the following list.

Fraudulently issued certificates

9 certificates were issued as follows:

Domain: mail.google.com [NOT seen live on the internet]

Serial: 047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain: www.google.com [NOT seen live on the internet]

Serial: 00F5C86AF36162F13A64F54F6DC9587C06

Domain: login.yahoo.com [Seen live on the internet]

Serial: 00D7558FDAF5F1105BB213282B707729A3

Domain: login.yahoo.com [NOT seen live on the internet]

Serial: 392A434F0E07DF1F8AA305DE34E0C229

Domain: login.yahoo.com [NOT seen live on the internet]

Serial: 3E75CED46B693021218830AE86A82A71

Domain: login.skype.com [NOT seen live on the internet]

Serial: 00E9028B9578E415DC1A710A2B88154447

Domain: addons.mozilla.org [NOT seen live on the internet]

Serial: 009239D5348F40D1695A745470E1F23F43

Domain: login.live.com [NOT seen live on the internet]

Serial: 00B0B7133ED096F9B56FAE91C874BD3AC0

Domain: global trustee [NOT seen live on the internet]

Serial: 00D8F35F4EB7872B2DAB0692E315382FB0
